C:\Users\tuker\source\repos\tuke\x64\Release\tuke.pdb
Static task
static1
1 signatures
General
-
Target
5819mb2ba82h.zip
-
Size
517KB
-
MD5
94fb320825b11418189e2681179c2487
-
SHA1
85e2c0cc6dcd33eace267deb6a05c5d2267f3980
-
SHA256
68caccaa6e2b6af7192297fa2e92b5d8f3734f3ab766890600f49ee7ed2cc8ab
-
SHA512
e16262fc990d49a7b720380fb8e510be012efe6109d490349e53df6b98312e25ffd73b36e398fd841e162bf4418128657ad5dd351b473fa7228ddae2c8b4e882
-
SSDEEP
12288:pCdML8pwvrOhxpWYFcZWEtJE3Uh5mA+AoFpcS6wn/T:785sYFcp9+AoFpcSXn/T
Score
3/10
Malware Config
Signatures
-
Unsigned PE 3 IoCs
Checks for missing Authenticode signature.
resource unpack001/setup (TUKE 1.0.0).exe unpack001/setup (TUKE 1.0.3).exe unpack001/setup (TUKE 1.1.1).exe
Files
-
5819mb2ba82h.zip.zip
-
setup (TUKE 1.0.0).exe.exe windows:6 windows x64 arch:x64
4ab12d482a5b27fbeba77689cf87859b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
d3d9
Direct3DCreate9
kernel32
MultiByteToWideChar
GlobalAlloc
GlobalFree
GlobalLock
WideCharToMultiByte
GlobalUnlock
GetModuleHandleA
LoadLibraryA
QueryPerformanceFrequency
GetProcAddress
FreeLibrary
QueryPerformanceCounter
CreateThread
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
CreateToolhelp32Snapshot
CreateEventW
GetModuleHandleW
IsDebuggerPresent
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
CloseHandle
Module32First
Module32Next
OpenProcess
GetConsoleWindow
DeleteCriticalSection
user32
DispatchMessageA
DestroyWindow
DefWindowProcA
CreateWindowExA
TranslateMessage
PeekMessageA
UnregisterClassA
PostQuitMessage
RegisterClassExA
UpdateWindow
LoadCursorA
ScreenToClient
SetCursorPos
FindWindowA
ShowWindow
GetWindowThreadProcessId
SendInput
GetForegroundWindow
GetAsyncKeyState
GetCapture
GetClassLongPtrW
ClientToScreen
IsChild
GetCursorPos
SendMessageA
SetClipboardData
GetClipboardData
ReleaseCapture
GetClientRect
SetCursor
SetCapture
TrackMouseEvent
OpenClipboard
CloseClipboard
EmptyClipboard
msvcp140
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@M@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?_Random_device@std@@YAIXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
_Query_perf_frequency
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?uncaught_exception@std@@YA_NXZ
?_Xlength_error@std@@YAXPEBD@Z
_Thrd_sleep
_Query_perf_counter
_Xtime_get_ticks
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
ntdll
ZwReadVirtualMemory
ZwWriteVirtualMemory
ZwQueryVirtualMemory
winmm
PlaySoundA
imm32
ImmSetCompositionWindow
ImmGetContext
ImmReleaseContext
vcruntime140_1
__CxxFrameHandler4
vcruntime140
memset
_CxxThrowException
__C_specific_handler
memmove
memcpy
memcmp
memchr
__current_exception_context
__current_exception
strstr
__std_terminate
__std_exception_copy
__std_exception_destroy
api-ms-win-crt-time-l1-1-0
clock
api-ms-win-crt-runtime-l1-1-0
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_invalid_parameter_noinfo_noreturn
terminate
_seh_filter_exe
_set_app_type
_configure_narrow_argv
_c_exit
_cexit
_register_thread_local_exe_atexit_callback
__p___argv
__p___argc
_initialize_narrow_environment
_exit
exit
_initterm_e
_initterm
_get_initial_narrow_environment
api-ms-win-crt-multibyte-l1-1-0
_mbsicmp
api-ms-win-crt-stdio-l1-1-0
ftell
fflush
__p__commode
_set_fmode
__stdio_common_vsscanf
fread
__stdio_common_vsprintf
_wfopen
fwrite
fclose
fseek
__acrt_iob_func
api-ms-win-crt-string-l1-1-0
strncpy
strcmp
api-ms-win-crt-utility-l1-1-0
qsort
api-ms-win-crt-heap-l1-1-0
_set_new_mode
_callnewh
free
malloc
api-ms-win-crt-convert-l1-1-0
atof
api-ms-win-crt-math-l1-1-0
__setusermatherr
roundf
sinf
sqrtf
cosf
ceilf
fmodf
acosf
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
Sections
.text Size: 242KB - Virtual size: 241KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 46KB - Virtual size: 46KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 10KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 184B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
setup (TUKE 1.0.3).exe.exe windows:6 windows x64 arch:x64
50b30da1b43153598da37c3f8b076066
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
C:\Users\tuker\source\repos\tuke\x64\Release\tuke.pdb
Imports
d3d9
Direct3DCreate9
kernel32
MultiByteToWideChar
GlobalAlloc
GlobalFree
GlobalLock
WideCharToMultiByte
GlobalUnlock
GetModuleHandleA
LoadLibraryA
QueryPerformanceFrequency
GetProcAddress
FreeLibrary
QueryPerformanceCounter
CreateThread
Sleep
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
CreateToolhelp32Snapshot
CreateEventW
GetModuleHandleW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
CloseHandle
IsProcessorFeaturePresent
OpenProcess
Module32First
IsDebuggerPresent
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
Module32Next
GetConsoleWindow
InitializeSListHead
user32
GetCapture
ScreenToClient
UpdateWindow
DispatchMessageA
DestroyWindow
DefWindowProcA
CreateWindowExA
TranslateMessage
PeekMessageA
UnregisterClassA
PostQuitMessage
RegisterClassExA
ClientToScreen
ShowWindow
IsChild
TrackMouseEvent
SetCapture
SetCursor
GetClientRect
ReleaseCapture
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
SendMessageA
SendInput
GetAsyncKeyState
FindWindowA
GetForegroundWindow
GetClassLongPtrW
GetWindowThreadProcessId
GetCursorPos
SetCursorPos
LoadCursorA
msvcp140
?_Random_device@std@@YAIXZ
_Xtime_get_ticks
_Query_perf_counter
_Thrd_sleep
_Query_perf_frequency
?uncaught_exceptions@std@@YAHXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@M@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@N@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
ntdll
ZwReadVirtualMemory
ZwQueryVirtualMemory
ZwWriteVirtualMemory
winmm
PlaySoundA
imm32
ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext
vcruntime140_1
__CxxFrameHandler4
vcruntime140
_CxxThrowException
__current_exception_context
__current_exception
__C_specific_handler
__std_terminate
__std_exception_copy
__std_exception_destroy
memchr
strstr
memset
memcmp
memcpy
memmove
api-ms-win-crt-heap-l1-1-0
_callnewh
malloc
free
_set_new_mode
api-ms-win-crt-time-l1-1-0
clock
api-ms-win-crt-runtime-l1-1-0
_c_exit
_register_thread_local_exe_atexit_callback
_register_onexit_function
_initialize_onexit_table
__p___argc
_exit
_cexit
__p___argv
exit
_initterm_e
terminate
_configure_narrow_argv
_initialize_narrow_environment
_initterm
_seh_filter_exe
_set_app_type
_get_initial_narrow_environment
_invalid_parameter_noinfo_noreturn
_crt_atexit
api-ms-win-crt-multibyte-l1-1-0
_mbsicmp
api-ms-win-crt-stdio-l1-1-0
__stdio_common_vsscanf
__acrt_iob_func
__stdio_common_vsprintf
fclose
fseek
fread
fflush
__p__commode
ftell
_wfopen
_set_fmode
fwrite
api-ms-win-crt-string-l1-1-0
strncpy
strcmp
api-ms-win-crt-utility-l1-1-0
qsort
api-ms-win-crt-convert-l1-1-0
atof
api-ms-win-crt-math-l1-1-0
fmodf
cosf
ceilf
__setusermatherr
roundf
acosf
sinf
sqrtf
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
Sections
.text Size: 245KB - Virtual size: 245KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 46KB - Virtual size: 46KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 184B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
setup (TUKE 1.1.1).exe.exe windows:6 windows x64 arch:x64
7b6718ce1cf36de828a101a27dce53ea
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
C:\Users\tuker\source\repos\tuke\x64\Release\tuke.pdb
Imports
d3d9
Direct3DCreate9
kernel32
MultiByteToWideChar
GlobalAlloc
GlobalFree
GlobalLock
WideCharToMultiByte
GlobalUnlock
GetModuleHandleA
LoadLibraryA
QueryPerformanceFrequency
GetProcAddress
FreeLibrary
QueryPerformanceCounter
CreateThread
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
CreateToolhelp32Snapshot
CreateEventW
GetModuleHandleW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
CloseHandle
OpenProcess
IsProcessorFeaturePresent
Module32First
IsDebuggerPresent
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
Module32Next
GetConsoleWindow
InitializeSListHead
user32
GetCapture
ScreenToClient
UpdateWindow
DispatchMessageA
GetWindowRect
DestroyWindow
SetWindowPos
DefWindowProcA
CreateWindowExA
TranslateMessage
PeekMessageA
UnregisterClassA
PostQuitMessage
RegisterClassExA
ClientToScreen
ShowWindow
IsChild
TrackMouseEvent
SetCapture
SetCursor
GetClientRect
ReleaseCapture
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
SendMessageA
SendInput
GetAsyncKeyState
FindWindowA
GetForegroundWindow
GetClassLongPtrW
GetWindowThreadProcessId
GetCursorPos
SetCursorPos
LoadCursorA
msvcp140
?_Random_device@std@@YAIXZ
_Xtime_get_ticks
_Query_perf_counter
_Thrd_sleep
_Query_perf_frequency
?uncaught_exceptions@std@@YAHXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@M@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@N@Z
ntdll
ZwReadVirtualMemory
ZwQueryVirtualMemory
ZwWriteVirtualMemory
winmm
PlaySoundA
imm32
ImmSetCompositionWindow
ImmGetContext
ImmReleaseContext
vcruntime140_1
__CxxFrameHandler4
vcruntime140
_CxxThrowException
__current_exception_context
__current_exception
__C_specific_handler
__std_terminate
__std_exception_copy
__std_exception_destroy
memchr
strstr
memset
memcmp
memcpy
memmove
api-ms-win-crt-heap-l1-1-0
_callnewh
malloc
free
_set_new_mode
api-ms-win-crt-time-l1-1-0
clock
api-ms-win-crt-runtime-l1-1-0
_c_exit
_register_thread_local_exe_atexit_callback
_initialize_onexit_table
_initialize_narrow_environment
_crt_atexit
__p___argc
_exit
__p___argv
_initterm_e
_initterm
_cexit
_configure_narrow_argv
_get_initial_narrow_environment
terminate
exit
_seh_filter_exe
_set_app_type
_invalid_parameter_noinfo_noreturn
_register_onexit_function
api-ms-win-crt-multibyte-l1-1-0
_mbsicmp
api-ms-win-crt-stdio-l1-1-0
__stdio_common_vsscanf
__acrt_iob_func
__stdio_common_vsprintf
fclose
fseek
fread
fflush
__p__commode
ftell
_wfopen
_set_fmode
fwrite
api-ms-win-crt-string-l1-1-0
strncpy
strcmp
api-ms-win-crt-utility-l1-1-0
qsort
api-ms-win-crt-convert-l1-1-0
atof
api-ms-win-crt-math-l1-1-0
fmodf
cosf
ceilf
__setusermatherr
roundf
acosf
sinf
sqrtf
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
Sections
.text Size: 247KB - Virtual size: 246KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 47KB - Virtual size: 46KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 192B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ